#AI Chatbot in Minecraft!

where's the source code?

its closed source

you are using an open source license

apache 2.0 doesnt require you to release source code, but you are required to release modifications

your mod uses cc0

where did you get that

it clearly says in the curseforge site

from your mod jar

you may want to update the one in the jar then

should be fixed now 👍 uploading the mod jar

thanks for pointing that out

1. why closed-source?
2. what’s the backend for this mod? how does it work?

1. it has private api keys and urls which we do not want the public to access
2. our backend is our own customised ai trained on a faiss index based purely on the entire minecraft wiki, and hosted in the cloud

1. are you aware of utilities like Github Secrets?
2. interesting, did you build the model from scratch yourself? or what’s the base

1. yes i am aware of github secrets, but it wont work with our system
2. i use a text embedding model (which is the brains), then i use a llm to produce the answer (the voice)

1. i see. jsyk it’s not that hard to trace where requests are going… security through obscurity isn’t a good tactic for a url. additionally, people will probably feel a little bit more comfortable about a mod that sends requests if it’s open source. my 2¢

most people, or the general public dont really care about how it works, they just want an ai chatbot, besides, if someone decides to ddos or whatever, google has us protected 🙂

Unless it's obfuscated anyone can get the keys by decompiling

its decoded so if they have the keys they wont be able to use it properly

decoded?

yes

or encoded

wdym

I think you mean obfuscated?

yes

like you used skidfuscator or something?

something like that yes

Can I decompile it?

Just asking out of courtesy

I do a lot of reverse engineering stuff

preferably i wouldnt want you to

sorry this is really funny to me

Why?

if your security is “we are gonna ask people nicely not to decompile our software” then you need better security

Yes that's true

I learned that early

if they get the keys and stuff they wont be able to anything with it because they wont know how to make requests with them,

(I put an unobfuscated discord webhook from my 2.5k member server in my mod)

You can read the src to make requests tho

Lemme see

I don’t ask my computer’s manufacturer for permission to disassemble the computer

True

Ok recaf time

Oh yeah this is easily crackable

if they decompile the mod then they can see how it works internally on the client side…

It sends a HttpURLConnection to their endpoint which is static 🙁

Meaning that can't be changed later if they get new hosting

you have to assume that a malicious actor has access to all your clientside code, because they usually do. compilation is not security, especially not with Java

Hell, obfuscation isn't security

My friends proved that with skidfuscator

mojang proved that with their own obfuscation lol

And just for the record i can make requests

Lemme make a sh script rq

try it then

Just remembered why I hate bash fr

are you on mac or linux?

Windows but wsl

so ubuntu

just sideload linux

btw you have to chmod it

to make executable

Yes I know 🤦‍♂️

lol i was just making sure

Too much work

all you need is a 8gb stick and boot into it

Yes I know

I've done it before

But I don't want to close all my stuff on windows

Yep that was easy

vms are an option too

@pliant nimbus @timid schooner

i see

(I literally just pasted the src into chatgpt and asked it to make a shell script it would've been quicker if I hadn't forgotten to change line endings)

i remember why i hate bash

you’re brave for doing this in bash instead of python

I didn't even think of python lol

I was on wsl for another project rn and I've used bash in the past for webhook and networking stuff

i do everything in python lol

same

Python is not my default

For most things

I like java and bash although i'm probably best in python out of the 3

even the little shell commands i’ve implemented on my computer are all in python just with shebangs

it also depends on the stuff you do tbh

-# i kinda do everything tbh

i do a lot of noise and other math-heavy stuff and i implement all those functions in numpy

and then for work i use python for like. running sims and analyses and such and writing flight code

no one does everything… what do you do?

I use python for work for data analysis and automation, and then in my spare time I use it for my personal AI projects

I also use java for game design for minecraft

And I've used a fair amount of bash in misc scripting to go with python automation

i got your ip lol

Honestly don't really care if you DDOS me i'll reset my router

and if you leak it you'll get banned

so

ik im not a devil

I've had worse people get my ip

ips dont really appeal to hackers nowadays

they just want credit card information

Not much you can do beyond DDoS

Which atp is kind of useless

not really

you can iptrace

which can be used to get bank information if you use online banking

Oh true

./notchnet.sh ask hwo do i beat the wither
To beat the Wither, you have two main strategies depending on your preference for a direct fight or an easier method.

**For a direct, fair fight:**
First, prepare with the best gear. Enchanted diamond or netherite armor and a sword, especially with the Smite enchantment, are highly recommended. Bring a bow, plenty of arrows, Instant Health II splash potions, golden apples, and a Strength II potion.

Spawn the Wither by placing four soul sand or soul soil blocks in a "T" shape and putting three Wither skulls on top. Immediately after spawning it, run far away to avoid its massive initial explosion.

Once the explosion happens, return and attack from a distance with your bow. Keep shooting until its health is reduced. Use your Instant Health splash potions to heal yourself and eat golden apples when needed. When the Wither's health drops to half (50%), drink your Strength II potion and finish it off with your sword. In Bedrock Edition, be extra careful when it reaches half health, as it will explode again, summon wither skeletons, and start using dangerous dash attacks.

**For an easier method, especially in Bedrock Edition:**
Find a location with a low, uneven bedrock ceiling in the Nether. Spawn the Wither in this area. It will get stuck in the bedrock, unable to move or attack you effectively, while you can safely shoot it with arrows until it is defeated. This method requires much less gear and potions.

This is a really good chatbot tho I gotta say

ty ty

ive spent a lot of time on it

feels good to release a project

Most devs WILL care about how it works

I have friends who won't run a mod unless it's opensource or they've decomped it

the thing is though that most of my target market isnt devs

Even if it's posted on MR/CF

besides i am still learning cybersecurity

its not really my strong point

This reminds me of the mojang chatbot

but like if it was actually good

Merl

merl was horrible

i can sell mine to mojang

easy money

XD

millionare at the age of 15

Mojang wouldn't pay a mil for this

I could do this myself if I wanted to

tru

Sell it to them beat you to it

/j

you need some beefy computers though

im paying £150 per month for these computers

Oh wow

What is it running on?

4090s?

gcloud

50x0?

nvidia t4s

lwk was expecting the bot to just say "I don't know" to everything

i dont do that

have you tried the minecraft mod btw?

You gotta get some real security omg

google gots that

in this thread we’re just playing around but someone’s gonna fuck you over bc your api key is exposed

ik im working on that

plus im limiting requests to only java clients

base64 encoding MY_REAL_API_KEY is not really the best solution

jshell

setting the user agent

whatever you end up doing won't be sufficient as you don't control the jvm so anything in the jar is effectively public no matter how much you put into it

exactly

reading this thread is just making me go every few messages

all i know how to develop is the backend, which is ai, im very new to minecraft modding so this is all new to me

most of my effort has gone into the backend

this isn’t really a minecraft modding thing; it’s just a cybersecurity thing

you must assume that a hacker can read all data and code on the client side

because they can

true, im used to making ai for myself

fwiw it seems like that part has been implemented really well

ty ty

if you want to protect the api key you use for your endpoint, first you will need to not use a jvm language (in a scenario where. you don't control the jvm), second you will need to assume that all clients have complete access to everything you give them (including obfuscated natively compiled content) and there's not really anything you can do about it

You do that anyway

Even with skidfuscator or JNIC you can't count on people not having your client code

The way I ended up handling it for my webhook was making a cloudfare worker that requests were sent to, it processed it and sent it to the discord webhook stored in a secret key

-# and filtered out the @ everyone and @ here that some mf spammed the first time

You might be able to do something similar

wdym?

one time i put a webhook in the source code of a website in plain text... it did not end well lol

lukily it was for a private server but the things that people sent to it should not be repeated

Yes I had that experience too

That makes sense, I was thinking that something like that might be a good approach based on what I've seen in the conversation so far.

You'd need some way of filtering out legitimate users from spammers, but that's really hard to do. Furthermore, what even defines a legitimate user here?

i improved the security, its no
longer hardcoded and my server only allows java clients, still testing it though

I feel like you missed the point

you can't improve security in any meaningful fashion

no matter what you do

i did something different, first it goes through an auth server, which first checks if the userClient is java, then it makes the request to the rag server and returns an answer, im still working on things like randomising tokens, and obfuscation

won't matter, you can try, I'll show you that it can still be cracked

You are right on that one, but...
Is there anything else he can do in such case?
Probably not

No, and theres not really a point in trying. The issue is with the fundamentals of the tools being used

Even companies that use advanced DRM software to stop crackers fail

the way you would do it is you have an account system where the user logs in and is given a token then. Each token is attached to the user and all the logic is done on the server side. That way you can track mis-use and terminate accounts. But even then that's flawed as you can have people making multiple accounts

you can hand craft userClients

or even more trivially, you add a debug agent and stop the execution right before the prompt is sent and intercept the token

and voila you have a valid token

I mean the entire mod could just be a black box, you just watch for outgoing net requests and get the token from there

burpsuite, postman, wireshark, and more can all do that

there is a reason most ai companies put a price / token on their apis

you can't really offer llms for free because they will be abused to hell and back

so you're saying i should monetise my mod?

isn't that against the minecraft eula?

indeed

you cannot satisfy all the requirements you want for your project in this environment

isn't it against the minecraft eula?

well yes, that's part of it

you can't realistically prevent misuse without charging for use

and you can't charge for use

so you can't realistically prevent misuse

what about obfuscating your mod

i've been trying to do it for the past couple minutes

you do know that this entire community is built around modding an obfuscated game

additionally doesn't stop

I mean the entire mod could just be a black box, you just watch for outgoing net requests and get the token from there

how can i stop that then?

you can't

what can they do with the server? because all of it is based in gcloud, which is heavily protected

make requests to the llm

idrc about that because its free anywa

free but not free?

its free credit from google

so it won't be free

soon

besides i might downgrade the computers if needed because im only using 0.8% of the cpu

is that when you're using the llm

yes

why say you're paying if you're not paying

why does that matter

because if its free than leaving it open is fine

because it doesn't cost you anything

if it does cost you something you can't leave it open

i have other plans to expand it

i have future methods of monetising it

well those methods cannot involve mc but sure

lmao

twonick is calling

i gave up because the script is so picky

If I have to i can manually get the network stuff with wireshark and then voila

i have a way to call the LLM

you can try again now, ive completely changed it

ive updated the mod on curseforge and modrinth

okie

god why did you replace the 1.0.0 version?

just release updated versions

We all have the jar anyway

couldnt be asked

It's not good practice to release and overwrite a numbered release

wdym

why is splitting your api into 3 text files any better

I can crack this too lmao

because my first plan was to obfuscate it

but then i couldnt be asked to change it back

And that would do.... what exactly?

There are a lot of people here, including me, that could just reverse engineer it

obfuscated mods?

Mhm

The entire fucking game is obfuscated

Hasn't stopped us from modding it and getting basically the entire source code

dont we code it using forge and fabric?

we dont directly mod minecraft, we use either forge or fabric

Well usually

wheres the source code then?

Technically MCP is still maintained

or neoforge

We can view the source in IDEA by decompiling it

The IDE does it for us

Or you can get MCP and edit the base code and recompile it, although it's not that easy

https://github.com/Hexeption/MCP-Reborn

let me try

If you have a class name from mc, ctrl+click on it

it should take you to the src

im on mac so its different

cmdclick

probably

i will refrain from making a comment about macs

i got a mac because of ai

not minecraft

ai is my top priority

uhmmmmmmmmmm

why the fuck would you get a mac for AI???

You need a beefy graphics card

not neccessarily

I got a dell gaming laptop for AI

it also requires ram

With a 4070

yes necessarily

a fuck ton of it

which mac is also in short supply of

macs use shared memory

"Here tim, another $200!"

which means it uses ram that the cpu and gpu use

32gb not enough?

at the same time

so?

They're still shitty for AI

so it can transfer data more seamlessly between the gpu and cpu

a gaming laptop cant do that

plus mobile graphics cards are too underclocked

You don't need seamless transfer

You just need beefy hardware

Like a 4070 and 32gb ram

yes it can improve peformace

with an i9 14900hx

for example

what do mobile graphics cards have to do with this

But it's not a priority compared to solid hardware

fr

if windows computers had shared memory

you would require a 5060 at most

for running a 671b parameter model

macs are designed like that

thats why its great for ai at home

plus ollama is starting to introduce mlx

where it uses the npu inside apple silicon chips

you confused or what?

No, not confused...

Gimme a sec to crack your latest bot and then i'll see where we are

I feel like you were conned by someone

He drank the coolaid

i feel like i was educated

anyway

mate I use a mac and have been using one for a decade, I know what it's good for and bad for and frankly the points you are bringing up don't make any sense

Yes and I have years of experience in backend design and AI management and uh

Macs don't cut it

There's a reason I got rid of mine

for a decade?

so its not apple silicon

Oh god don't get me started

the intel ones are horrible

I have had more than one laptop bruh

and a desktop

whats your point

you don't know what you are talking about but think you do

which is a bad place to be tbh

whats your point here

and i have absolutely no qualifications

That we know what Macs can and can't do

I have a silicon, I have had an intel

We have more experience than you if I had to guess

I've had both, silicon has a nice UX but that's about it

It's not good for any powerhungry computing, especially AI

ai isnt entirely based on powerhungry computing

its a multitude of things

like?

Like?

we should wait for them to pull up another llm to give them a good point

@plain pebble is gonna have his work cut out for him with

You beat me to it lol

ai peformance isnt purely about wattage, they run ai models faster per watt than traditional x86 systems

as well as that

things like core ml

are deeply integrated

What does wattage have to do with anything compared to a solid GPU?

which is very optimised

Like something from NVIDIA

performance per watt is like how efficient you are at reaching a certain compute, you still can't reach a high compute

you can get to low compute at low cost

but you can't get to high compute at all

Is it worth arguing with him anymore?

He is clearly dedicated beyond belief to Macs for AI, even I was never that big of an Apple fanboy

good way to pass time

True

Okie

Yk I'll just crack notchnet 1.0.1 while i'm waiting

because peformance isnst purely based on pure power (like watts) it also depends on architecture memory speed, software optimisation and hardware specialisation

And please I beg of you don't overwrite numbered releases like you did with NotchNet 1.0.0

meh

I guess so

I mean yes, macs are efficient, its the main selling point but for $$/compute you can't beat nvidia at the moment

you don't need to know the why, you just look at the market

but im not paying 10k

Yeah and apple is so cheap

I can get 5x the compute for the same price on a PC compared to a Mac

ok but ai isnt just flops m8

its also memory bandwith

latency

software

keyword

buzzword

man I thought we were through with all of that here, I was clearly naive

Apparently there are two peaks

I thought we were done too

uhh this ai had other goals previously

Come again?

"My context discusses two main topics.\n\nThe first topic is about creating symbolic links on a Windows computer using an elevated command prompt and the `mklink` command. It explains that you need to run the command prompt as an administrator, even if you are the administrator, to avoid a privilege error.\n\nThe second topic covers renaming items in a game interface. It states that if you leave the name field blank or use only spaces, the item will revert to its default name. If you try to set the name to what it already is, a red \"X\" will appear on the arrow in the interface. It also notes that named items will not stack with unnamed items or items that have different names, even if they are the same type of item.\n"

I'm confused

I asked it what it's been trained on

Ah

getting there, it's a google ai

cracking it is definitely not as straight forward as others

google's context separation is pretty damn good, prompt injection is clearly something they put a lot of thought into

I can get the context out but can't get to the exact prompt

😂

its not google

its my own custom ai

then it was trained on something by google

at some point

nope

its just hosted on google

What ravistar is saying makes sense to me

unified memory ==> very high vram which you want for very large models

cause if your gpu has like. 12 gb vram you have to quantize a large model a TON to get it all to fit in there

versus unified memory where the gpu can directly access larger amounts of memory

64gb is the max unified memory you can get out of silicon series chips at a cost which just doesn't make sense if your goal is to train llms

additonally i travel a lot

macs are easy to carry

okay but how much would you be paying for a GPU with that much vram

at the moment, around 4k euros

4k you can buy a mac with a cpu, memory, gpu, ssd all included

the value proposition makes sense to me 🤷‍♀️

with the mac you're capped at low compute

compute doesnt matter

maybe, but my understanding is that thats not a limiting factor

well it does but its not what its based on

and these gpus should not be this expensive, they just are at the moment because of the inflationary costs of gpus due to low supply relative to demand

so are macs?

they would be a lot cheaper

macs cheaper?

since when

well when you can find a laptop with this much vram that costs less than a mac let me know...

im not saying that

but its cheaper than buying a 5090 setup

which can result in better efficiency

you wouldn't use a 5090 anyway

you'd use like an a100

then you're gonna need a threadripper

or intel xeon

to prevent bottlenecking

then on top of that more ram

the costs keep going up and up

yeah

idk man i think that you maybe arent gonna win this one

like ravistar did make a horribly insecure frontend on this mod, yes

but they seem to know their shit when it comes to ai 🤷‍♀️

the point being you don't really train models locally

i made the mod in like 2 days lmao

you use a cloud provider

because non-commercially it doesn't make sense

no i didnt?

when did i ever say that

this is a theoretical

i HOST it on gcloud

"you" the general you, as in people in general, use a cloud provider

thats because most people use windows laptops

you arent gonna make chatgpt locally on your laptop but you totally can do a bit of training locally

mines just minecraft datasets

theres no way what you trained was just on mc's dataset

its literally nothing

not even a gb

the outputs don't make any sense if that's all you trained it on

you start with a pretrained model

you get like

a base model

so fine-tuned

and then you train it on your specific dataset

idk if thats what ravistar did but

for example llama3.1:8b

you know, this makes a whole lot more sense now

you did not train an llm from the ground up as implied

you fine tuned an existing model on an mc dataset

or rag, or whatever similar technique

I think

that to someone who knows about local AI development

the meaning would have been clear

..

why does your llm have answers about modding via forge and how to debug path issues in windows related to sym links

and why does it keep insisting its a google ai

thats probably the llm

i prompted that purposely

because its closed source, its not something like chatgpt which is open source

lmao

that was a pretty good one

ok but try accessing my code

thats the whole point of closed source

The only thing that is closed source is your model

And we don't really need that if we can access it externally

ok but you cant steal my ai model

and sell it

i have full control over the model

That is true

I don't see a reason to hide what model you used as a base. Also, only GPT-2 and chatgpt-oss are open source as far as I'm aware

ok cool

Glad I'm not the only one

would be goofy if all it was was openai's fine tuning 💀

welcome to the club

@pliant nimbus but what do you use? RAG or a fine tuned model?